- Bronze, 100 points or more
Trying to get a VPN client connected with a pix515e. Pix is running 6.3(3). Client is 4.0.4 We get the same errors from dial-up, cable-modems, etc.
The connection just drops during negotiation. We thought it could be an MTU thing, but have tried every MTU under the sun, and the error remains the same for all connections regardless of MTU.
I've attached the config from the pix, the log from the VPN client, and the debug messages from the pix.
Thanks for any help anyone can provide...
your IKE proposal on the PIX is as follows:
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 5
But this (http://www.cisco.com/univercd/cc/td/doc/product/vpn/client/rel4_0/admin_gd/vcach6.htm#1157757) shows that the VPN client doesn't support this proposal. Change your group to 2 and try again. DH group 5 is only supported when using digital certs, which you're not.